CVE-2023-38486

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.7 HIGH | NETWORK | HIGH | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
hpe | CNA | 7.7 HIGH | NETWORK | HIGH | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE | ADP | --- | ---
CISA-ADP | ADP | --- | ---

EPSS Score Percentile: 2%

Vendor | Product | Version
arubanetworks | arubaos | 8.6.0.22 < x < 8.6.0.22
arubanetworks | arubaos | 8.10.0.7 < x < 8.10.0.7
arubanetworks | arubaos | 8.11.1.1 < x < 8.11.1.1
arubanetworks | arubaos | 10.4.0.2 < x < 10.4.0.2
arubanetworks | arubaos | 8.6.0.0 ≤ x < 8.6.0.22
arubanetworks | arubaos | 8.10.0.0 ≤ x < 8.10.0.7
arubanetworks | arubaos | 8.11.0.0 ≤ x < 8.11.1.1
arubanetworks | arubaos | 10.4.0.0 ≤ x < 10.4.0.2

x = Vulnerable software versions